<?php
/**
 * @file indigo/framework/classes/User.php
 * Contains the definition for the User class
 */
  namespace indigo\framework;
  
 /**
  * @class User
  * User class used for managing user sessions and data
  */
  class User
  {
   /**
    * Sets the session parameters that will be used by the current session based on configuration options
    *  set in config.php
    */
    public function __construct()
    {
      global $usConfig;

      session_set_cookie_params(3600, $usConfig->get('document_root'), $usConfig->get('domain'));
      session_name($usConfig->get('cookie_name'));
      session_start();
    }

   /**
    * Logs the user out
    *
    * This function unsets all $_SESSION variables and destroys the session based on the example provided in the PHP Manual
    *
    * @see http://fi2.php.net/manual/en/function.session-destroy.php
    */
    public function logout()
    {
      /* Taken from the PHP Manual (2011-09-01): session_destroy() > Example #1 */
      
      // Unset all of the session variables.
      $_SESSION = array();

      // If it's desired to kill the session, also delete the session cookie.
      // Note: This will destroy the session, and not just the session data!
      if (ini_get("session.use_cookies")) {
        $params = session_get_cookie_params();
        
        setcookie(session_name(), '', time() - 42000,
          $params["path"], $params["domain"],
          $params["secure"], $params["httponly"]
        );
      }

      // Finally, destroy the session.
      session_destroy();
    }
    
   /**
    * Retrieves the session's current transaction token. 
    * 
    * The token is created if it isn't found
    *
    * @returns The current transaction token
    * @see regenerateTransactionToken()
    */
    public function getTransactionToken()
    {
      if (!isset($_SESSION["user"]["transaction_token"]) || !$_SESSION["user"]["transaction_token"]) {
        $this->regenerateTransactionToken();
      }
      
      return $_SESSION["user"]["transaction_token"];
    }
    
   /**
    * Regenerates / creates the transaction token for the current session
    *
    * The session is generated using the hash salt specified in config.php concatenated with
    *  a call to mt_rand(), time(), uniqid(), the user's IP Address, and User-Agent string.
    *
    * @returns The new transaction token
    */
    public function regenerateTransactionToken()
    {
      global $usConfig;
      
      $_SESSION["user"]["transaction_token"] = md5($usConfig->get('hash_salt') . mt_rand() . time() . $_SERVER["REMOTE_ADDR"] . $_SERVER["HTTP_USER_AGENT"] . uniqid());
      return $_SESSION["user"]["transaction_token"];
    }
   
   /**
    * Compares the user input with the current transaction token
    *
    * If it matches, the function creates a new transaction token for future transactions and returns true.
    *  The current token is left untouched if the check fails
    *
    * @retval true If the user input and the current token matches
    * @retval false if otherwise
    */
    public function checkTransactionToken($input)
    {
      $token = $this->getTransactionToken();
      if ($input == $token) {
        $this->regenerateTransactionToken();
        return true;
      }

      return false;
    }
  }